Vulnerability issue with request library

[sudheer-den]

We have a mend scan issue reporting a vulnerability issue with requests package to be upgraded to 2.32.4 to resolve the issue. We see this is compatibility issue with this package to update. Can we have a patched version?

Apparently its an issue with ibm-watsonx-ai library which is required by langchain-ibm

Dependency cycle: langchain-ibm -> ibm-watsonx-ai -> ibm-cos-sdk -> ibm-cos-sdk-core (2.14.1) which is mandating requests library to be ">=2.32.0,<2.32.3"

https://www.mend.io/vulnerability-database/CVE-2024-47081

[MateuszOssGit]

Hi @sudheer-den
Thanks for your issue. We also noticed this vulnerability issue with requests package.
What i found that ibm-cos-sdk team is working on it.
It can be followed under issue -> IBM/ibm-cos-sdk-python#70

[Mateusz-Switala]

The version of requests library has been updated in ibm-cos-sdk-core==2.14.2 and vulnerability issue does not occur anymore. Closing the issue. @sudheer-den Please reopen if needed